Apple Quickly Updates Malware Definitions to Detect New SMS Scam Trojan

Earlier this week, Russian security firm Dr. Web published a blog post announcing the discovery of a new OS X trojan horse known as "Trojan.SMSSend.3666". The malware masquerades as an installer for various software titles, but tricks users into signing up for subscriptions through their mobile devices.

smssend trojan

When a user starts such an installer, they see the interface that imitates the installation wizard of a corresponding application. In order to continue the "installation" fraudsters ask that the victim enter their cellphone number into an appropriate field and then specify the code found in a reply SMS. By performing these actions the user agrees to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis.

Similar trojans have affected Windows and even Android platforms for some time, but the tactic is now being used to target Mac users.

smssend definition
Apple has moved quickly to address the threat, adding definitions for the malware to its "Xprotect.plist" blacklist, which is part of the basic anti-malware tools Apple launched with OS X Snow Leopard in 2009. In its original incarnation, users were required to update definitions manually, but as malware threats against OS X grew, Apple last year instituted automatic daily checks to keep users' systems updated. The anti-malware tools automatically detect when a user has downloaded a file matching the signature of known malware, alerting the user of the threat and advising them to discard the downloaded file.

Top Rated Comments

spyguy10709 Avatar
148 months ago
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.

LOL welcome to reality - this isn't a virus at all. It's a fake installer that asks for your cell phone number. It's not an infection - it's a poor phishing attempt.
Score: 20 Votes (Like | Disagree)
spyguy10709 Avatar
148 months ago
Again, like I always say, the only virus you can get on OSX is one you install yourself. This just prevents the user from hurting him/herself. This isn't a "virus" like everyone is saying - it's a program that phishes your personal info. It can't escalate itself privelidge-wise like with a Windows virus and become "above" your system to prevent removal or uninstallation. Nothing can do that in OSX due to it's unix base.

Also, great job Apple for staying so on top of this :D
Score: 15 Votes (Like | Disagree)
gnasher729 Avatar
148 months ago
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.

Since this application is neither a virus nor spyware I'd say people are quite right.
Score: 12 Votes (Like | Disagree)
mw360 Avatar
148 months ago
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.

From wikipedia:

A computer virus is a computer program that can replicate itself[1] and spread from one computer to another.

Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge.

This is neither. Its a plain old scam.
Score: 11 Votes (Like | Disagree)
0815 Avatar
148 months ago
Somehow I am not worried about this 'Trojan'

Anything that requires me launching an installer and than requiring me to type in my password and cell phone number is not scary at all - its a lame phishing attempt that I laugh about.

I would be worried if it installs automatically in the background and than accesses my address book to get my cell phone number - but even than I would not respond to that SMS to get charged money.

Honestly, I don't get the people that did type in their cell phone number - it is almost impossible to protect those people from their own stupidity.

Anyway, glad to see that Apple is trying to protect people from their own stupidity.
Score: 10 Votes (Like | Disagree)
ArtOfWarfare Avatar
148 months ago
Nicely handled, it would seem.

But really, it seems to me this is an issue phone service providers should handle. Why is the money that they handle handled so insecurely? Shouldn't our provider send us some sort of message for us to confirm that some company is going to start leaching money via our phone bill and shouldn't they block companies that they find frequently commit this kind of fraud?
Score: 8 Votes (Like | Disagree)

Popular Stories

iOS 18 Siri Integrated Feature

iOS 18 Rumored to Add These 10 New Features to Your iPhone

Wednesday April 24, 2024 2:05 pm PDT by
Apple is set to unveil iOS 18 during its WWDC keynote on June 10, so the software update is a little over six weeks away from being announced. Below, we recap rumored features and changes planned for the iPhone with iOS 18. iOS 18 will reportedly be the "biggest" update in the iPhone's history, with new ChatGPT-inspired generative AI features, a more customizable Home Screen, and much more....
Apple Silicon AI Optimized Feature Siri

Apple Releases Open Source AI Models That Run On-Device

Wednesday April 24, 2024 3:39 pm PDT by
Apple today released several open source large language models (LLMs) that are designed to run on-device rather than through cloud servers. Called OpenELM (Open-source Efficient Language Models), the LLMs are available on the Hugging Face Hub, a community for sharing AI code. As outlined in a white paper [PDF], there are eight total OpenELM models, four of which were pre-trained using the...
maxresdefault

Apple Announces 'Let Loose' Event on May 7 Amid Rumors of New iPads

Tuesday April 23, 2024 7:11 am PDT by
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
macbook pro purple february

Best Buy Introduces Record Low Prices on Apple's M3 MacBook Pro for Members

Thursday April 25, 2024 7:41 am PDT by
Best Buy is discounting a collection of M3 MacBook Pro computers today, this time focusing on the 14-inch version of the laptop. Every deal in this sale requires you to have a My Best Buy Plus or Total membership, although non-members can still get solid second-best prices on these MacBook Pro models. Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a...
apple id account

Apple ID Accounts Logging Out Users and Requiring Password Reset

Saturday April 27, 2024 12:41 am PDT by
There are widespread reports of Apple users being locked out of their Apple ID overnight for no apparent reason, requiring a password reset before they can log in again. Users say the sudden inexplicable Apple ID sign-out is occurring across multiple devices. When they attempt to sign in again they are locked out of their account and asked to reset their password in order to regain access. ...
macos sonoma feature purple green

Apple's Regular Mac Base RAM Boosts Ended When Tim Cook Took Over

Friday April 26, 2024 6:34 am PDT by
Apple used to regularly increase the base memory of its Macs up until 2011, the same year Tim Cook was appointed CEO, charts posted on Mastodon by David Schaub show. Earlier this year, Schaub generated two charts: One showing the base memory capacities of Apple's all-in-one Macs from 1984 onwards, and a second depicting Apple's consumer laptop base RAM from 1999 onwards. Both charts were...